Anthony PERARD writes ("[PATCH v3 05/31] libxl_qmp: Move the buffer realloc to the same scope level as read"):
> In qmp_next(), the inner loop should only try to parse messages from
> QMP, if there is more than one.
>
> The handling of the receive buffer ('incomplete'), should be done at the
> same scope level as read(). It doesn't need to be handled more than once
> after a read.
>
> Before this patch, when one message was handled, the inner loop would
> restart by adding the 'buffer' into 'incomplete' (after reallocation).
> Since 'rd' was not reset, the buffer would be strcat a second time.
> After that, the stream from the QMP server would have a syntax error, and
> the parser would throw errors.
>
> This is unlikely to happen as the receive buffer is very large. And
> receiving two messages in a row is unlikely. In the current case, this
> could be an event and a response to a command.

Acked-by: Ian Jackson <ian.jack...@eu.citrix.com>

However, I have not reviewed the buffer handling in detail for
off-by-one errors etc. I think it would be best for me to do a proper
security-focused review of the whole qmp arrangement after your
series.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
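
The failure mode described in the quoted commit message, as a simplified model added here for illustration; it is not code from libxl or from the patch. Only `incomplete`, `buffer` and `rd` are names taken from the message; `drain`, `looks_valid`, the fixed-size buffer, the CRLF message framing and the sample messages are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: two read() results. The first ends mid-message, the
 * second completes it and carries a second message (CRLF framing assumed). */
static const char *reads[] = {
    "{\"event\": \"RES",
    "UME\"}\r\n{\"return\": {}}\r\n",
};
struct result { int parsed; int errors; };

/* Toy stand-in for the JSON parser: accept anything shaped like "{...}". */
static int looks_valid(const char *m) {
    size_t n = strlen(m);
    return n >= 2 && m[0] == '{' && m[n - 1] == '}';
}

/* append_in_inner_loop != 0 models the loop before the patch. */
static struct result drain(int append_in_inner_loop) {
    char incomplete[512] = "";
    size_t len = 0, pos = 0;      /* bytes stored, start of unparsed data */
    struct result r = {0, 0};
    for (size_t i = 0; i < sizeof reads / sizeof *reads; i++) {
        const char *buffer = reads[i];
        size_t rd = strlen(buffer);            /* what read() returned */
        for (int first = 1; ; first = 0) {
            /* Patched: append once per read. Unpatched: on every pass. */
            if ((first || append_in_inner_loop) &&
                len + rd < sizeof incomplete) {
                memcpy(incomplete + len, buffer, rd + 1);
                len += rd;
            }
            char *end = strstr(incomplete + pos, "\r\n");
            if (!end) break;                   /* need another read() */
            *end = '\0';
            if (!looks_valid(incomplete + pos)) { r.errors++; return r; }
            r.parsed++;
            pos = (size_t)(end - incomplete) + 2;
        }
    }
    return r;
}

int main(void) {
    struct result a = drain(1), b = drain(0);
    printf("before: parsed=%d errors=%d; after: parsed=%d errors=%d\n",
           a.parsed, a.errors, b.parsed, b.errors);
    return 0;
}
```

In the unpatched model both real messages still parse, but the re-appended copy of `buffer` leaves a stray message tail in the stream, which is what the parser then rejects.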